add ad policies

2026-01-30 15:30:45 +00:00 · 2023-05-04 14:46:40 +02:00
parent fd8bdad946
commit 9ba715860e
5 changed files with 38 additions and 2 deletions
--- a/opa/ad/delete.rego
+++ b/opa/ad/delete.rego
@@ -0,0 +1,11 @@
 package AD.DELETE
 default allow := false
 allow {
 	input.userUuid == input.owner
 }
 allow {
 	input.role == "admin"
 }
--- a/opa/ad/list.rego
+++ b/opa/ad/list.rego
@@ -0,0 +1,3 @@
 package AD.LIST
 default allow := true
--- a/opa/ad/read.rego
+++ b/opa/ad/read.rego
@@ -0,0 +1,11 @@
 package AD.READ
 default allow := false
 allow {
    input.userUuid == input.owner
 }
 allow {
    input.role == "admin"
 }
--- a/opa/ad/update.rego
+++ b/opa/ad/update.rego
@@ -0,0 +1,11 @@
 package AD.UPDATE
 default allow := false
 allow {
 	input.userUuid == input.owner
 }
 allow {
 	input.role == "admin"
 }
--- a/opa/user/read.rego
+++ b/opa/user/read.rego
@@ -2,10 +2,10 @@ package USER.READ
 default allow := false
-allow := true {
+allow {
    input.uuid == input.owner
 }
-allow := true {
+allow {
    input.role == "admin"
 }